/*     */ package com.zimbra.cs.account.accesscontrol;
/*     */ 
/*     */ import com.zimbra.common.account.Key.AccountBy;
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.ZimbraLog;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.AuthToken;
/*     */ import com.zimbra.cs.account.DomainAccessManager;
/*     */ import com.zimbra.cs.account.Entry;
/*     */ import com.zimbra.cs.account.GuestAccount;
/*     */ import com.zimbra.cs.account.MailTarget;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class DomainACLAccessManager
/*     */   extends DomainAccessManager
/*     */ {
/*     */   public DomainACLAccessManager()
/*     */     throws ServiceException
/*     */   {
/*  39 */     RightManager.getInstance();
/*     */   }
/*     */   
/*     */   public boolean canAccessAccount(AuthToken at, Account target, boolean asAdmin) throws ServiceException
/*     */   {
/*  44 */     if (super.canAccessAccount(at, target, asAdmin)) {
/*  45 */       return true;
/*     */     }
/*  47 */     return canDo(at, target, Rights.User.R_loginAs, asAdmin, false);
/*     */   }
/*     */   
/*     */   public boolean canAccessAccount(AuthToken at, Account target) throws ServiceException
/*     */   {
/*  52 */     return canAccessAccount(at, target, true);
/*     */   }
/*     */   
/*     */   public boolean canAccessAccount(Account credentials, Account target, boolean asAdmin) throws ServiceException
/*     */   {
/*  57 */     if (super.canAccessAccount(credentials, target, asAdmin)) {
/*  58 */       return true;
/*     */     }
/*  60 */     return canDo(credentials, target, Rights.User.R_loginAs, asAdmin, false);
/*     */   }
/*     */   
/*     */   public boolean canAccessAccount(Account credentials, Account target) throws ServiceException
/*     */   {
/*  65 */     return canAccessAccount(credentials, target, true);
/*     */   }
/*     */   
/*     */   public boolean canDo(MailTarget grantee, Entry target, Right rightNeeded, boolean asAdmin, boolean defaultGrant) {
/*     */     try {
/*  70 */       if (grantee == null) {
/*  71 */         grantee = GuestAccount.ANONYMOUS_ACCT;
/*     */       }
/*     */       
/*  74 */       if (((target instanceof Account)) && 
/*  75 */         (((Account)target).getId().equals(grantee.getId()))) {
/*  76 */         return true;
/*     */       }
/*     */       
/*     */ 
/*  80 */       if ((rightNeeded != Rights.User.R_loginAs) && 
/*  81 */         ((target instanceof Account)) && 
/*  82 */         ((grantee instanceof Account)) && (canAccessAccount((Account)grantee, (Account)target, asAdmin))) {
/*  83 */         return true;
/*     */       }
/*     */       
/*     */ 
/*     */ 
/*  88 */       Boolean result = CheckPresetRight.check(grantee, target, rightNeeded, false, null);
/*  89 */       if (result != null) {
/*  90 */         return result.booleanValue();
/*     */       }
/*     */       
/*  93 */       Boolean defaultValue = rightNeeded.getDefault();
/*  94 */       if (defaultValue != null) {
/*  95 */         return defaultValue.booleanValue();
/*     */       }
/*     */       
/*  98 */       return defaultGrant;
/*     */     }
/*     */     catch (ServiceException e)
/*     */     {
/* 102 */       ZimbraLog.account.warn("ACL checking failed: grantee=" + grantee.getName() + ", target=" + target.getLabel() + ", right=" + rightNeeded.getName() + " => denied", e);
/*     */     }
/*     */     
/*     */ 
/*     */ 
/*     */ 
/* 108 */     return false;
/*     */   }
/*     */   
/*     */   public boolean canDo(AuthToken grantee, Entry target, Right rightNeeded, boolean asAdmin, boolean defaultGrant) {
/*     */     try { Account granteeAcct;
/*     */       Account granteeAcct;
/* 114 */       if (grantee == null) {
/* 115 */         granteeAcct = GuestAccount.ANONYMOUS_ACCT; } else { Account granteeAcct;
/* 116 */         if (grantee.isZimbraUser()) {
/* 117 */           granteeAcct = Provisioning.getInstance().get(Key.AccountBy.id, grantee.getAccountId());
/*     */         } else
/* 119 */           granteeAcct = new GuestAccount(grantee);
/*     */       }
/* 121 */       return canDo(granteeAcct, target, rightNeeded, asAdmin, defaultGrant);
/*     */     } catch (ServiceException e) {
/* 123 */       ZimbraLog.account.warn("ACL checking failed: grantee=" + grantee.getAccountId() + ", target=" + target.getLabel() + ", right=" + rightNeeded.getName() + " => denied", e);
/*     */     }
/*     */     
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 130 */     return false;
/*     */   }
/*     */   
/*     */   public boolean canDo(String granteeEmail, Entry target, Right rightNeeded, boolean asAdmin, boolean defaultGrant) {
/*     */     try {
/* 135 */       Account granteeAcct = null;
/*     */       
/* 137 */       if (granteeEmail != null)
/* 138 */         granteeAcct = Provisioning.getInstance().get(Key.AccountBy.name, granteeEmail);
/* 139 */       if (granteeAcct == null) {
/* 140 */         granteeAcct = GuestAccount.ANONYMOUS_ACCT;
/*     */       }
/* 142 */       return canDo(granteeAcct, target, rightNeeded, asAdmin, defaultGrant);
/*     */     } catch (ServiceException e) {
/* 144 */       ZimbraLog.account.warn("ACL checking failed: grantee=" + granteeEmail + ", target=" + target.getLabel() + ", right=" + rightNeeded.getName() + " => denied", e);
/*     */     }
/*     */     
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 151 */     return false;
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/account/accesscontrol/DomainACLAccessManager.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */